A Short History of Cyberwar Lookalikes

Posted June 17th, 2009 by

Rybolov’s Note: Hello all, I’m venturing into an open-ended series of blog posts aimed at starting conversation. Note that I’m not selling anything *yet* but ideas and maybe some points for discussion.

Let’s get this out there from the very beginning: I agree with Ranum that full-scale, nation-v/s-nation Cyberwar is not a reality.  Not yet anyway, and hopefully it never will be.  However, on a smaller scale with well-defined objectives, cyberwar is not only happening now, but it is also a natural progression over the past century.

DojoSec Monthly Briefings – March 2009 – Marcus J. Ranum from Marcus Carey on Vimeo.

Looking at where we’re coming from in the existing models and techniques for activities similar to cyberwar, it frames our present state very nicely :

Electronic Countermeasures. This has been happening for some time.  The first recorded use of electronic countermeasures (ECM) was in 1905 when the Russians tried to jam radio signals of the Japananese fleet besieging Port Arthur.  If you think about ECM as DOS based on radio, sonar, etc, then it seems like cyberwar is just an extension of the same denial of communications that we’ve been doing since communication was “invented”.

Modern Tactical Collection and Jamming. This is where Ranum’s point about spies and soldiers falls apart, mostly because we don’t have clandestine operators doing electronic collection at the tactical level–they’re doing both collection and “attack”.  The typical battle flow goes something along the lines of scanning for items of interest, collecting on a specific target, then jamming once hostilities have begun.  Doctrinally, collection is called Electronic Support and jamming is called Electronic Attack.  What you can expect in a cyberwar is a period of reconnaissance and surveillance for an extended length of time followed by “direct action” during other “kinetic” hostilities.

Radio Station Jamming. This is a wonderful little world that most of you never knew existed.  The Warsaw Pact used to jam Radio America and other sorts of fun propaganda that we would send at them.  Apparently we’ve had some interesting radio jamming since the end of the Cold War, with China, Cuba, North Korea, and South Korea implicated in some degree or another.

Website Denial-of-Service. Since only old people listen to radio anymore and most news is on the Internet, so it makes sense to DOS news sites with an opposing viewpoint.  This happens all the time, with attacks ranging from script kiddies doing ping floods to massive DOSBots and some kind of racketeering action… “You got a nice website, it would be pretty bad if nobody could see it.”  Makes me wonder why the US hasn’t taken Al Jazeera off the Internet.  Oh, that’s right, somebody already tried it.  However, in my mind, jamming something like Al Jazeera is very comparable to jamming Voice of America.

Estonia and Gruzija DOS. These worked pretty well from a denial-of-communications standpoint, but only because of the size of the target.  And so what if it did block the Internet, when it comes to military forces, it’s at best an annoyance, at most it will slow you down just enough.  Going back to radio jamming, blocking out a signal only works when you have more network to throw at the target than the target has network to communicate with the other end.  Believe it or not, there are calculators to determine this.

Given this evolution of communications denial, it’s not unthinkable that people wouldn’t be launching electronic attacks at each other via radar, radio, carrier pigeon, IP or any other way they can.

However, as in the previous precedents and more to some of the points of Ranum’s talk at DojoSec, electronic attacks by themselves only achieve limited objectives.  Typically the most likely type of attack is to conduct a physical attack and use the electronic attack, whether it’s radio, radar, or IT assets, to delay the enemy’s response.  This is why you have to take an electronic attack seriously if it’s being launched by a country which has a military capable of attacking you physically–it might be just a jamming attack, it might be a precursor to an invasion.

Bottom line here is this: if you use it for communication, it’s a target and has been for some time.



Similar Posts:

Posted in Technical, The Guerilla CISO, What Doesn't Work, What Works | 5 Comments »
Tags:

5 Responses

  1.  Handsome Donkey Says:

    That all makes sense, but most folks have never had to think about COMINT and EW as part of their daily peacetime lives.

    Additionally, most of the standing IRL military forces are explicitly tied into a national diplomatic game theory machine. The standing armies of “cybular warfare” are mercenary outfits and angry children.

    I am still waiting for someone to bring up the idea of a pre-emptive “cyber treaty” before somebody’s Information Operations Dragoons take out N hospitals/ATC centers because they fat-fingered in the channel or got handed the wrong post-it. Not that a treaty would necessarily hold weight given my paragraph #2, above, but it would be nice if the countries admitting in public to standing up their own hack squadrons could agree to try really hard not to fuck up civilian emergency services any more than necessary.

  2.  rybolov Says:

    Hi Handsome Donkey, nice alias BTW.

    Interesting tangent from your comment is that we are in the process of building a professional capability instead of the usual mercenaries and kiddies. More to come on this.

  3.  LonerVamp Says:

    I think a major point of contention is simply rooted in the unfortunate term, “cyberwar.” It’s been a while since I saw that Ranum talk, but I remember thinking that he largely was trying to define “cyberwar” and explain that what we’re seeing is not some sort of “war” but rather pieces that we already do or more resemble terrorism-/activism-type attacks.

    I think another term I’ve seen pandered about is cyberskirmish

  4.  The Spanish Civil War and the Rise of Cyberwar | The Guerilla CISO Says:

    […] Comments LonerVamp on A Short History of Cyberwar Lookalikesrybolov on A Short History of Cyberwar LookalikesHandsome Donkey on A Short History of Cyberwar […]

  5.  Dan Philpott Says:

    An interesting aside would be Russia’s use of ECM at Port Arthur may be an apt example of governmental efforts for cyberwar defense in general. Port Arthur was lost due to an effective physical attack by the Japanese aided in no small part by the information gained after the extrication of an underappreciated, underpaid and overinformed Chinese engineer with deep knowledge of defenses. Allegedly this extrication was aided by a young Sidney Reilly, later a famous British spy who often worked for his own best financial interests. So the lesson here may be that cyberwar attack and defense is not half so important as having good information security practices in place.

Leave a Comment

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.


Visitor Geolocationing Widget: